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WHAT IS CLAIMED: 

1. A method for allocating a plurality of encryption keys according to a plurality 
of access authorization classes, said method comprising the steps of: 

setting an access authorization to at least one access point in advance; 
differentiating said encryption keys according to a plurality of access * 
authorization types; and 

obtaining by at least one wireless station the differentiated encryption keys in 

advance. 

2. The method of claim 1, wherein the access authorization types include 

a class 1 that indicates access authorization to an access point to which the 
wireless station is assigned, 

a class 2 that indicates access authorization to predetermined access points 
included in a locai area network (LAN) to which the wireless station is assigned, 

a class 3 that indicates access authorization to all access points included in the 
LAN to which the wireless station is assigned, and 

a class 4 that indicates access authorization to multiple access points included in 
a wide area network (WAN). 

3. The method of claim 1, further comprising a step of 

a wireless station desiring to communicate with an access point selecting from 
the plurality of encryption keys an encryption key corresponding to the access 
authorization to the access point and communicates data with the access point, wherein 
the wireless station has a plurality of encryption keys corresponding to access 
authorization types. 

4. A method for allocating one or more encryption keys according to a plurality 
of access authorization classes, comprising: 
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(a) a wireless station requesting an access point to perform authentication and 
the access point, which is requested to perform authentication, determining access 
authorization to the access point; 

(b) obtaining an encryption key and generating a shared key set including the 
obtained encryption keys in accordance with the determination result of step (a); 

(c) the wireless station requesting a LAN authentication server to perform 
authentication , and the LAN authentication server, which is requested to perform 
authentication, determining access authorization to an access point belonging to the LAN; 

(d) obtaining an encryption key and updating the shared key set by adding the 
encryption key to the shared key set in accordance with the determination result of step 
(c); 

(e) the wireless station requesting a WAN authentication server to perform 
authentication and the WAN authentication server, which is requested to perform 
authentication, determining access authorization to an access point belonging to the 
WAN; and 

(f) obtaining an encryption key and updating the shared key set by adding the 
encryption key to the shared key set in accordance with the determination result of step 
(e). 

5. The method of claim 4, wherein step (a) further comprises a step of the 
wireless station requesting an access point to perform authentication, and the access point 
which is requested to perform authentication determining whether or not access 
authorization to the access point corresponds to a class 1, said class 1 indicating access 
authorization to an access point to which the wireless station is assigned. 

6. The method of claim 4, wherein step (c) further comprises the steps of: 
(c 1 ) the LAN authentication server determining whether or not the access 

authorization to the access point corresponds to a class 2, said class 2 indicating access 
authorization to predetermined access points included in a LAN to which the wireless 
station belongs to; 
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(c2) if a determination result of step (cl) indicates that the access authorization 
corresponds to said class 2, obtaining an encryption key of class 2, and determining 
whether or not the access authorization corresponds to a class 3, said class3 indicating 
access authorization to all access points included in the LAN to which the wireless station 
belongs to; and 

(c3) if a determination result of step (c2) indicates that the access authorization 
corresponds to said class 3, obtaining an encryption key of class 3. 

7. The method of claim 6, wherein step (c2) further comprises the steps of: 
allocating a null encryption key if the determination result of step (cl) indicates 

that the access authorization does not correspond to said class 2; 

determining whether the access authorization corresponds to class 3; and 
allocating a null encryption key if a determination result indicates that the access 

authorization does not correspond to class 3. 

8. A roaming method for a wireless station using a plurality of encryption keys 
allocated according to a plurality of access authorization classes, said method comprising 
the steps of: 

(a) setting an access authorization to an access point in advance, differentiating 
said plurality of encryption keys according to a plurality of access authorization types and 

a wireless station obtaining in advance an encryption key set including the 
differentiated plurality of encryption keys for respective access points; 

(b) receiving a command to communicate with an access point not available for 
communication using an encryption key currently selected in the encryption key set; 

(c) determining an access authorization to the access point not available for 
communications; 

(d) selecting an encryption key from the encryption key set obtained in advance 
corresponding to the determined access authorization; and 

(e) using the selected encryption key to encrypt a transmission message and 
communicate with the access point not available for communication. 
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9. The method of claim 8, wherein the access authorization types of the 
encryption key set include 

a class 1 that indicates access authorization to an access point to which the 
wireless station is assigned, 

a class 2 that indicates access authorization to predetermined access points 
included in a local area network (LAN) to which the wireless station is assigned, 

a class 3 that indicates access authorization to all access points included in the 
LAN to which the wireless station is assigned, and 

a class 4 that indicates access authorization to multiple access points included in 
a wide area network (WAN). 

10. A computer readable medium having embodied thereon a program of 
instructions executable by a computer for performing the method of claim 4. 

1 1 . A computer readable medium having embodied thereon a program of 
instructions executable by a computer for the method of claim 8. 

12. An apparatus for allocating a plurality of encryption keys according to a 
plurality of access authorization classes, comprising: 

an access authorization determining unit for determining an access authorization 
class for communication between a wireless station from a plurality of wireless stations 
and an access point from a plurality of access points; 

an encryption key storing unit which stores said plurality of encryption keys 
according to said access authorization classes; and 

an encryption key allocation unit which reads an encryption key from the 
encryption key storing unit corresponding to a determination result of the access 
authorization determining unit and transfers a value of said encryption key to the wireless 
station. 
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13. The apparatus of claim 12, wherein the access authorization classes include 
a class 1 that indicates access authorization to an access point to which the 

wireless station is assigned, 

a class 2 that indicates access authorization to predetermined access points 
included in a local area network (LAN) to which the wireless station is assigned, 

a class 3 that indicates access authorization to all access points included in the 
LAN to which the wireless station is assigned, and 

a class 4 that indicates access authorization to multiple access points included in 
a wide area network (WAN). 

14. A computer readable medium having embodied thereon a structure of a 
wireless data packet used for allocating encryption keys according to access authorization 
classes in a wireless network that comprises a wireless station and an access point, the 
medium comprising: 

a header of said data packet transmitted through the wireless network; 

an access authorization information storing field, which indicates access 
authorization for communication between the wireless station and the access point; 

an encrypted data field in which data contents to be transmitted are encrypted 
and stored; and 

an error correction field, which is used to correct data error. 

15. The computer readable medium of claim 14, wherein the access 
authorization information storing field comprises two bits and through possible 
combinations of the two bits, stores 

a class 1 that indicates access authorization to an access point to which the 
wireless station is assigned, 

a class 2 that indicates access authorization to predetermined access points 
included in a local area network (LAN) to which the wireless station is assigned, 

a class 3 that indicates access authorization to all access points included in the 
LAN to which the wireless station is assigned, and 
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a class 4 that indicates access authorization to multiple access points included in 
a wide area network (WAN). 
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